SET <set-fw@bigfoot.com>
March 2000           http://www.set-ezine.org


---[ CONTENTS ]---

- 01 -  Introduction
- 02 -  Oddities
- 03 -  Conclusions


Introduction
=-=-=-=-=-=-


Browsers under Linux will hang when trying to access certain devices, this
bug may be considered similar to the \con\con bug except that the 
technological superiority of Linux will prevent a system crash.
Examples have been tested under different versions of Lynx and Netscape,
sometimes the behaviour of the browser differ.
The bug was originally reported by Fuska in a message posted in the
SET forum.
Original message URL:
http://www.coolboard.com/msgshow.cfm/msgboard=377408526880083&msg=571161262892011&page=1&idDispSub=63896961854800


Some of the devices that will make a browser hang are
/dev/tty*
/dev/cua*
/dev/std*
/dev/egp
/dev/ggp
/dev/inet/*
/dev/initctl

You could embed this bug in a test page in the form:
<a href="file:/dev/tty1"> Surprise </A>

As you might imagine there are some secondary effects like losing the
control of your keyboard for some seconds, etc and of course (needless
to say) you can't open a file you haven't permissions for.

If you don't want to wait for someone to follow a link you can make
the process quicker by using this mini-page or some variation.

<html>
<body onload=window.open('file:/dev/stderr')>
</body>
</html>

Hangs Netscape (with javascript enabled) 


We have put a small test page on-line:
http://www.set-ezine.org/browser-test.html


Oddities
=-=-=-=-

Trying to open /dev/mouse will have the effect of freezing the mouse,
you won't be returned control until the page load is halted.
With /dev/ftape you will have some minutes of fun seeing your fd drive
going crazy but perhaps you should buy a new one after the show is over
(this hasn't been thoroughly tested), note that this can be induced
remotely with a simple link or auto-magically.

There are plenty of devices that will act 'funny' when called this way,
after playing for some time you should check how many modules you have
loaded, it's possible that a remote site could make a html page to 
load some kernel modules in your machine, trying to guess if you are
hosting any popular trojan module or with a more dangerous idea.
An example could be using /dev/audio or /dev/ptmx as the target file.
Watching syslog output you'll see that some modules "refuse" to die
and keep scanning for devices.



Conclusions
=-=-=-=-=-=

This text is not intended to cause 'alarm', although sometimes the effects
of accesing devices can be annoying most of the time they can be limited
by a mid-experienced user anyway the ability of crashing a browser or
loading modules remotely without your consent isn't clearly what you 
would want.
Finally we want to remind that Fuska was the person who give us the
first notice about this bug.


Feel free to copy and distribute.

SET (c) 2000 . http://www.set-ezine.org